2 Answers
2

Basically, the difference is that with a file inclusion vulnerability, the resource is loaded and executed in the context of the current application. A directory traversal vulnerability, on the other hand, only gives you the ability to read the resource.

Thanks for the answer, which is exactly what I need. But then again, I'm still confused: let's look at the following URL: exploit-db.com/exploits/16250 . It says there that it's a file inclusion vulnerability, but based on your answer it's a directory traversal, since it only allows us to read the file, not actually execute it. Any ideas why?
– eleanor, Feb 18 '12 at 11:19

There is a difference between being able to traverse up directories to access file A (for example) to read its contents, and that of being able to include the contents of file A, whether hosted locally or remotely, into the page execution of another file.

If a directory traversal existed to give the attacker access to file A, they should at least not be able to read the content of it. However, if file B has this line in it (or similar):

if ( isset( $_GET[ 'id' ] ) ) include( $_GET[ 'id' ] . ".php" );

Then it is possible to have the content of file A included in base64 encoding, into file B in what is called a Local File Inclusion attack.
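
A hardened counterpart to the `include( $_GET[ 'id' ] . ".php" )` line above, shown beside a read-only download handler so the two sinks the answers distinguish can be compared. This is an added example, not part of either answer; the `pages` and `downloads` directories, the `file` parameter and the function names are assumptions.

```php
<?php
// Hypothetical layout (assumption): page templates live in ./pages,
// downloadable files live in ./downloads.
const PAGES_DIR = __DIR__ . '/pages';
const DOWNLOAD_DIR = __DIR__ . '/downloads';

// Inclusion sink: include() executes whatever file it is given, so the
// request value is only ever used as a key into a fixed allow-list and
// never becomes part of the path itself.
const PAGES = ['home' => 'home.php', 'about' => 'about.php'];

function resolve_page(string $id): ?string
{
    return array_key_exists($id, PAGES) ? PAGES_DIR . '/' . PAGES[$id] : null;
}

// Read sink: readfile() only returns bytes, but "../" in the name can still
// leave the directory. Canonicalise first, then check containment.
function resolve_download(string $name): ?string
{
    $base = realpath(DOWNLOAD_DIR);
    $path = realpath(DOWNLOAD_DIR . '/' . $name);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    $inside = strncmp($path, $prefix, strlen($prefix)) === 0;
    return ($inside && is_file($path)) ? $path : null;
}

$id   = $_GET['id']   ?? null;
$file = $_GET['file'] ?? null;

if (is_string($id)) {
    $page = resolve_page($id);
    if ($page === null) { http_response_code(404); exit; }
    include $page;   // executed in the application's context
} elseif (is_string($file)) {
    $target = resolve_download($file);
    if ($target === null) { http_response_code(404); exit; }
    header('Content-Type: application/octet-stream');
    readfile($target);   // contents returned to the client, never executed
}
```

Keeping the two sinks behind separate resolvers makes the difference reviewable: a mistake in `resolve_download()` discloses file contents, while a mistake in `resolve_page()` hands the file to the interpreter.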